Page MenuHomeFreeBSD
Differential D53545

ifconfig: Fix invalid free() in ifbridge
ClosedPublic
Actions

Authored by ivy on Nov 3 2025, 5:28 AM.
Tags
None
Referenced Files
Unknown Object (File)
Mon, Dec 1, 8:50 AM
Unknown Object (File)
Sun, Nov 30, 7:42 AM
Unknown Object (File)
Sun, Nov 30, 5:37 AM
Unknown Object (File)
Fri, Nov 28, 10:20 AM
Unknown Object (File)
Thu, Nov 20, 2:08 AM
Unknown Object (File)
Thu, Nov 20, 2:08 AM
Unknown Object (File)
Thu, Nov 20, 2:02 AM
Unknown Object (File)
Thu, Nov 13, 7:01 PM
View All 28 Files
Subscribers
imp
zlei

Details

Reviewers
des
kevans
zlei
Group Reviewers
network
Commits
rG88c5a4996b90: ifconfig: Fix invalid free() in ifbridge
rGfe2e53443377: ifconfig: Fix invalid free() in ifbridge
rG0899f7a3b791: ifconfig: Fix invalid free() in ifbridge
Summary

parse_vlans() does 's = strdup(str)', then calls strsep(&s, ...), then
attempts to free(s) at the end of the function. For the success case,
this is fine (s is NULL, so it's a trivial memory leak), but in the
error case, we will attempt to free an invalid pointer.

Fix this by storing the original return value from strdup() and freeing
that instead.

Reported by: David Gwynne <dlg@openbsd.org>
MFC after: 3 days

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Revision Contents
Changeset List

PathSize
sbin/
ifconfig/
8 lines

Diff 165782

View Options

sbin/ifconfig/ifbridge.c

Loading...